…"how should I design this scenario. Should I use the AP? Where should I put it to?"...
Do you want the linksys and the pfSense system to both be wirelessly directly connected to your mesh? And, they will be in separate locations? Otherwise, if they are near each other, only one needs to be on the wireless mesh and functioning as a wireless "AP"; thus, the second unit would be connected to the first via ethernet/wired. So, configure routing as normal, and add an HNA route announcement in OLSR for the second unit's IP & netmask.
Freifunk/olsr for Linksys WRT54GL...
To also use it as an "access point", update it with this package: "freifunk-dnsmasq..*_mipsel.ipk" from...
If you want wireless dhcp to Not use NAT and serve "real routed" IPs to local wireless clients, then ssh (or PuTTY) into your linksys. You'll need to make a backup copy of /etc/dnsmasq.conf and delete it, then recreate it, because it's just a reference to a rom file. Edit /etc/dnsmasq.conf with the "vi" editor and add an extra "dhcp-range" line for device "wlnat" and configure the desired dhcp IP range and netmask (restrict range to your node's IPs) for wireless clients. Also comment out lines beginning with "address=", and if you set up "olsr nat" in the gui then erase it. [update] Newer versions may require DNS server IPs to be specified in dnsmasq.conf.
If you need more help check the Freifunk mailing list…
As for OLSR on pfSense:
sample olsr & dnsmasq configs...
plus add startup shell scripts such as these for olsrd & dnsmasq ...
If it's prism 2 based and you find the correct firmware to make it operate in AP mode, then it should be found by FreeBSD. If it's PrismGT or something along those lines then it will not work. In general old prism cards/prism cards in general are not recommended. Try to get your hands on something Atheros based.
In my case nothing is working. I tried ping, Windows remote desktop, file sharing (but I can see the computer in the workgroup)….
After I reset the settings to default it is working!!!!
If I upload the Traffic Shaping settings then the WLAN clients won't see each other. I uploaded the other settings and it is working well. (I have to reconfig the Traffic Shaper, arh!)
I have the problem. I made a WLAN Traffic Shaping rule (WLAN<->WAN High priority). If I delete this rule then the clients can communicate with each other!!!!!!!!!!!! (Moreover this rule does not work)
And I found another bug in RC3: If I delete a rule in the Traffic Shaper then the Apply Changes button won't appear.
Make sure you are using the correct mode (most likely infrastructure) with the wifi card. Also note that 48 MB RAM is not enough RAM. We only support systems with at least 128 MB. Below that amount of RAM you can encounter unpredictable problems due to processes not starting or randomly killing services.
I was investigating the same thing a couple of months ago. I read a lot of discussions on mailing lists and got the impression that the guy that's responsible for the drivers (Sam?) doesn't think that turbo mode is a good thing on 2.4 GHz.
It works just fine in Linux, and the HAL is the same for Linux and BSD if I'm not mistaken, so I would assume that it's not implemented in the drivers.
The only thing that is not doable is to have traffic shaping on more than 2 interfaces, so you can't limit the neighbours to only use 512kbps. For the rest, create a block rule at the wireless interface to not allow access to the other subnets but to wan. Enable the pptp server or enable mobile ipsec clients (depending on what you prefer, pptp is probably easier to set up and most OSes support it out of the box whereas you most likely need an additional ipsec client when using ipsec). Then you can tunnel in to your other networks with your own wireless client whereas the others can't access your private subnets and also only see encrypted traffic from your notebook to these subnets.
Not sure how this could be possible with a single radio. When I have seen something similar done, you were always required to have dual radios in the device, as each radio is only capable of broadcasting out one signal.
What you could do is use a static dhcp address for the wpa2 area and leave it open on the rest. Then have a rule on the wireless card's ruleset to say if you are in this IP range (those that need access to the lan) make an allow rule based on IP and then direct traffic that way. For the bandwidth shaping you could set some priority based on the IP range; this portion of it is a bit limited though.
Never mind about the P-IRQ, you're using a WRAP setup... P-IRQ is the priority IRQ assignments... can get this problem with atx PIII/Socket A motherboards which use PC133 memory. Only found this problem in a 5 PCI slot asus board with using 3 pci cards + agp card... needed to shuffle the cards around as they had a P-IRQ conflict causing the above problem.
Well, I added the interface and everything, booted up. I changed the wireless setting to Ad-Hoc, then like my system rebooted and I can't boot back into it (I get mounting errors at bootup). Any suggestions on how to boot back into my pfsense hard drive so I don't have to do the whole installation again? Took a while to do that build thing above. I am booted in the system right now using live cd, but I won't be able to access my partitions without mounting them.
Even today, when AR5004x begins to be EOL, I still think cards like CM9 are the way to go. It's a shame that Atheros stopped production of these wonderful chipsets in favour of the cheap AR5006x. I know I'll miss CM9 a lot…
Guess the next step is going to be some mechanism that would allow me to force wireless connections to have to connect to a vpn in order to send any traffic … then WEP wouldn't matter at all.. (any hints on the best mechanism to do this would be appreciated)
set up pptp server on pfsense
block all traffic on wireless interface
open all traffic on pptp clients interface
You can't block traffic with source=destination subnet. This traffic doesn't pass the pfSense. In fact you have to allow traffic between the wireless clients with that option but beyond that it's not a pfSense issue.
You first have to assign the wireless interfaces. You can do that from the shell menu or from the webgui at interfaces>assign. You should have ath0 and ath1 assigned to an OPTx interface each. Then simply go to interfaces>OPTx and configure your wireless settings there. You will have advanced settings if the interface is wireless (like ssid, wep, wpa, mode,…).
Going to reuse this old post. I didn't use my WLAN that much when I started this post so I let it be nonworking, but now I want to get it to work again ;)
This is the issue:
When I use the webGUI I do: Interface -> Assign -> (+) -> Then I get an "OPT1" and can choose from sis0, sis1, sis2, ral0. The latest one (ral0) is my WLAN card, so the machine has found it, but when I go to the WLAN tab I can't choose that card there, only sis, sis1, sis2…. =/
Why is this? Is my WLAN card not supported?
Edit: btw, I upgraded to the latest version of pfsense now, RC2
Apart from all the right directions contained in lsf's post I would add that you should house all of your wifi equipment in a meticulously shielded, preferably aluminum, box.
Interference first becomes evident by blocking your front-end via the antenna input path.
When you are done with this, a RF band pass filter is not a luxury in your case in my opinion, it will still reach and de-sensitize your wifi receiver through other paths.
One last piece of advice: if you are deploying point-to-point links, use the most directional antennas you can afford with the best front to back ratio you can buy.
If you need 24 db EIRP then you need to calculate your output, meaning radio output in mw - convert mw to db, subtract any insertion loss / connector loss / filter loss / splitter loss / cable & pigtail loss etc. then add antenna gain.
For the 400mw cards this will not be correct. They do not show output power in mw, but rather output power in mw +10dbi (at least some do this). So mw to dbi +10dbi -"whateverloss" +antenna gain = dbi
then you can do dbi to EIRP ( www.e-zy.net is a nice place for wireless calculators )
I think one of the devs has a RAL somewhere that worked. I'm not sure if all modes (like hostap) are supported though. We provide all NIC drivers that are officially supported by FreeBSD but recommend using Atheros chips in general as they support the full set of features (WPA, AES in hardware, hostap, …) and are used by the devs.
Thanks hoba for your quick reply. I have gotten it to work and it works very well. I am seriously impressed with pfsense. I believe that my WEP problem is related to the webgui problem discussed here… http://forum.pfsense.org/index.php/topic,770.msg8676.html#msg8676 . What I ended up doing was switching authentication from the default 'open' to 'shared' at which point I saved the setting and then changed it back to 'open' and resaved the setting. After I renewed the ath0 everything worked fine. I am not sure if this bug is being addressed but the behavior is consistently broken (I tested it three times with fresh installs each time.) It is however, a minor detail in an otherwise amazing product. Thanks to all for your hard work.
Oh I forgot to post back in here….
Well, jrmann1999, what I did was that I set LAN interface (OPT1) to work as LAN (sorry for redundancy) and I set ATH0 to work as WAN.
Then I went and disabled routing and NAT and configured WAN wireless settings. All works fine... oh yeah, I think you have to config firewall too... don't remember, that was half or more years ago....
What I did the last hour: first I upgraded from BETA4 again to RC2 by executing 'cvs_sync.sh releng_1 && shutdown -r now' via PuTTY…
Then I followed the advice of Hoba to set the WEP Key to 'open' from shared - that did the trick! WIFI worked on the RC2! But much more headache I earned as the internet was not accessible at all anymore - reloaded the pfsense, reloaded the laptop - no chance, even via Ethernet I did not succeed anymore to access the www!
Made a trace, stuck on the pfsense... strange that DNS resolving worked (checked interface status of WAN - released and renewed the IP of my Provider - no effect - no access); however... got rid again of the RC2 and changed to the 'RELENG_1_SNAPSHOT-07-23-2006' - the trick with the 'open' WEP Key still worked and now the www was accessible again (settings never changed, they were always inherited obviously as I did firmware upgrades via GUI)
So finally I'm glad that everything runs now, am wondering if the GUI shows me the next days again the CPU Load Bar fully up at 100% - even as 'top' says 5% ;-) - if so, I could live with that!
Thanks Guys, I'm going now around to change the hosts config from 'shared' to 'open' ;D
It's true that cards/radios that can see each other will "take turns" but lots of the clients will most likely not see all of them, so your clients will most likely generate "noise" to the other panels/sectors. I'd go with multiple channels or antenna splitters, and for backhaul I'd use 5.X GHz.
Thanks for the info. I'll just move to a captive portal and MAC filtering for the residential. I was planning on having business connections rent our bridges, so it won't matter to use the same encryption key since they won't know the key.
olsr is a protocol for sharing dynamic routing info
all wireless cards you have to put in ad hoc mode and use the same SSID and channel
so that a backbone is forming there
olsr will send out info frames every now and then
by which the other nodes will find their neighbors, how good that route is, and to which nodes that node has access
routes you can enter in the HNA of olsr and they will then be shared on the olsrd mesh
with this you enter only the local routes of an olsr node on its node
this info will be sent out by the olsr protocol every so many seconds
also route info from other nodes that it heard will be sent so that a route can form
if a route or node disappears, then on the whole olsrd mesh it will be gone in a few seconds
and a new route will be found if possible